Megaqin device vulnerability attacked by Mirai, experts warn of the risk of coercion!

The device vulnerability patched by Zyxel in April (CVE-2023-28771) raised the alarm of cybersecurity experts after details of the attack were revealed in May. Experts warn that the Mirai botnet has begun to host unpatched mega devices on a large scale and carry out attacks on networks around the world.

The mega device was attacked

The ShadowServer Foundation, a security nonprofit, found in recent surveillance that multiple megagenic devices were used to carry out the attack. Due to the disclosure of PoC (Proof of Concept) programs that abuse the vulnerability, the Foundation predicts that future attack activity will rise further. Their trapping system has recorded more than 700 attacks since May 26, showing that mega-mobile devices are widely distributed and the number of attacks is quite staggering.

Where do device vulnerabilities come from?

The vulnerability of mega devices has recently attracted renewed attention, especially firewalls and VPN devices. Security expert Kevin Beaumont pointed out that the mega device vulnerability CVE-2023-28771 was abused by the Mirai botnet program, causing the entire Internet to be targeted. Multiple antivirus software detected the activity of the Mirai program on the VirusTotal platform, indicating a worrying number of devices under attack.

Vulnerability patching measures

In April, mega technology patched CVE-2023-28771, a major vulnerability in its firewall and VPN equipment products, and called on users to install the new version of the firmware as soon as possible. This vulnerability, which stems from the IKE packet decryption component in the firmware, could allow unauthorized attackers to transmit malicious packets and remotely execute operating system instructions, is a critical vulnerability with a severity of 9.8 out of 10. However, security operator Rapid7 warns that at least 40,000 firewall devices have not been updated and pose a risk of vulnerability, which puts them at risk of attack.

Last week (May 24), Mega Info patched two additional critical vulnerabilities in its products, CVE-2023-33009 and CVE-2023-33010, both of which allow unverified attackers to launch denial-of-service (DoS) attacks or remotely execute instructions. Both vulnerabilities also have a risk rating of 9.8 and affect Zyxel ATP series devices.